1. Run this command to generate the required client files:

```commandline
cd /etc/openvpn/easy-rsa/
# <client_name> is the client's Common Name; "nopass" leaves the private key unencrypted
./easyrsa build-client-full <client_name> nopass
```

Example: create a test client key for the user name `arthur`. The session below performs the same work in two steps, `gen-req` followed by `sign-req`:

```commandline
arthur@server:~/openvpn-ca$ ./easyrsa gen-req arthur nopass
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars

Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
....+...+...+..+.......+.....+......+...+.......+.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...............+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+............+......+.......+.....+...+....+..+......+.......+......+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+......+....+..................+...+.....+.......+...+......+.....+....+.........+......+.....+....+..+.+........+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [arthur]:

Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/arthur.req
* key: /home/arthur/openvpn-ca/pki/private/arthur.key

arthur@server:~/openvpn-ca$ ./easyrsa sign-req client arthur
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars

Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
You are about to sign the following certificate:
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a client certificate for '825' days:

subject=
    commonName                = arthur

Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes

Using configuration from /home/arthur/openvpn-ca/pki/openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'arthur'
Certificate is to be certified until Dec 19 04:09:41 2027 GMT (825 days)

Write out database with 1 new entries
Database updated

Notice
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/arthur.crt
```

2. OpenVPN Server Configuration

```commandline
### Check location of key before copy
------
CA creation complete. Your new CA certificate is at:
* /home/arthur/openvpn-ca/pki/ca.crt
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/server.crt
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/server.req
* key: /home/arthur/openvpn-ca/pki/private/server.key
------
DH parameters of size 2048 created at:
* /home/arthur/openvpn-ca/pki/dh.pem
------
TA Key at:
* /home/arthur/openvpn-ca/ta.key

### Start copying required files
arthur@server:~/openvpn-ca$ sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key ta.key pki/dh.pem /etc/openvpn/server/

### Check the destination again
arthur@server:~/openvpn-ca$ ls -la /etc/openvpn/server/
total 32
drwxr-xr-x 2 root root 4096 Sep 15 04:17 .
drwxr-xr-x 4 root root 4096 Sep 15 03:39 ..
-rw------- 1 root root 1245 Sep 15 04:17 ca.crt
-rw------- 1 root root  424 Sep 15 04:17 dh.pem
-rw------- 1 root root 4728 Sep 15 04:17 server.crt
-rw------- 1 root root 1708 Sep 15 04:17 server.key
-rw------- 1 root root  636 Sep 15 04:17 ta.key
```
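
The manual `ls -la` check in step 2 can be scripted. The following is an added example, not part of the original guide: it confirms the five copied files are present, that `server.key` and `ta.key` carry no group or other permission bits, and (with `openssl` installed) that `server.crt` chains to `ca.crt` and matches `server.key`. The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an OpenVPN server key directory.
# Assumes the five file names copied in step 2; function names are hypothetical.

REQUIRED="ca.crt server.crt server.key ta.key dh.pem"
SECRET="server.key ta.key"   # private material: owner-only access expected

# Print one finding per line; return 0 only if nothing was found.
audit_files() {
    dir=$1; rc=0
    for f in $REQUIRED; do
        [ -f "$dir/$f" ] || { echo "MISSING $f"; rc=1; }
    done
    for f in $SECRET; do
        [ -f "$dir/$f" ] || continue
        # Any group/other permission bit set on a secret is a finding.
        hit=$(find "$dir/$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                               -o -perm -004 -o -perm -002 -o -perm -001 \))
        [ -z "$hit" ] || { echo "LOOSE_PERMS $f"; rc=1; }
    done
    return $rc
}

# Check that server.crt chains to ca.crt and that server.key is its key.
audit_crypto() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 \
        || { echo "CHAIN_FAIL server.crt"; return 1; }
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "KEY_MISMATCH server.key"; return 1; }
}

# Run as root against the real directory, e.g.:
#   audit_files /etc/openvpn/server && audit_crypto /etc/openvpn/server
```

Both functions print nothing and return 0 when the directory looks like the listing in step 2.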